I have been working platformIO for a while, and recently have been looking into enabling some advanced features in my product. The feature that I am currently focused on is getting the firmware build by the nRFutil tools to be cryptographically signed.
This following command is what I want to implement in my platformIO environment
nrfutil pkg generate --application <path_to_hex_file> --application-version 0 --hw-version 52 --sd-req 0x98 --key-file private-key.pem dfu-app.zip
Does PlatformIO use the above command during upload process? If so, does adding the flags such as --key-file to upload_file be sufficient?
The package zip file is generated with this command recipe
And since the a adafruit_feather_nrf52832 board the default upload protocol is
Meaning the firmware is first compiled to .elf as normal, then converted to .hex, and then given as input to the PackageDfu builder command as displayed above to give the firmware.zip package.
That .zip package is then uploaded via this command
As you can see above, PlatformIO does not use a --key-file private-key.pem command during the package generation, and using upload_flags would only add flags to the UPLOADCMD (via $UPLOADERFLAGS) which is after the ZIP file has already been generated.
PlatformIO’s builder script above does currently not give the user the opportunity to add custom flags in the package generation process, such as a signing key.
I would suggest:
Locally change <user home directory>/.platformio/platforms/nordicnrf52/builder/main.py lines 130-147 by adding your own "--key-file", "private-key.pem", arguments into the array at the correct place. Verify that the argument is included correctly by using the project task Advanced → Verbose Upload, which shows in the end all invoked commands before and during upload.